SWAT teams, residents victimized by 911 fraud

Pranksters using an Internet-based phone service can bring a full-on

Doug Bates and his wife, Stacey, were in bed around 10 p.m., their 2-year-old daughters asleep in a nearby room. Suddenly they were shaken awake by the wail of police sirens and the rumble of a helicopter above their suburban Southern California home. A criminal must be on the loose, they thought.

Doug Bates locked the doors and grabbed a knife. A beam from a flashlight hit him. He peeked into the backyard. A swarm of police, assault rifles drawn, ordered him out of the house. Bates emerged, frightened and with the knife in his hand, as his wife frantically dialed 911. They were handcuffed and ordered to the ground while officers stormed the house.

The scene of mayhem and carnage the officers expected was nowhere to be found. Neither the Bateses nor the officers knew that they were pawns in a dangerous game being played 1,200 miles away by a teenager bent on terrifying a random family of strangers.

They were victims of a new kind of telephone fraud that exploits a weakness in the way the 911 system handles calls from Internet-based phone services. The attacks -- called "swatting" because armed police SWAT teams usually respond -- are virtually unstoppable, and an Associated Press investigation found that budget-strapped 911 centers are essentially defenseless without an overhaul of their computer systems.

While Doug and Stacey Bates were cuffed on the ground that night in March 2007, 18-year-old Randal Ellis, living with his parents in Mukilteo, Wash., was nearly finished with the 27-minute yarn about a drug-fueled murder that brought the Orange County Sheriff's Department SWAT team to the Bateses' home.

In a grisly sounding call to 911, Ellis was putting an Internet-based phone service for the hearing-impaired to nefarious use. By entering bogus information about his location, Ellis was able to make it seem to the 911 operator as if he was calling from inside the Bateses' home. He said he was high on drugs and had just shot his sister.

According to prosecutors, Ellis picked the Bates family at random, as he did with all of the 185 calls investigators say he made to 911 operators around the country.

"If I would have had a gun in my hand, I probably would have been shot," said Doug Bates, 38.

Last March, Ellis was sentenced to three years in prison after pleading guilty to five felony counts, including computer access and fraud, false imprisonment by violence and falsely reporting a crime.

In a separate, multistate case prosecuted by federal authorities in Dallas, eight people were charged with orchestrating up to 300 "swatting" calls to victims they met on telephone party chat lines. The three ringleaders were each sentenced to five years in prison. Two others were sentenced to 2 1/2years. One defendant has pleaded guilty and could get a 13-year sentence. The remaining two are set to go on trial this month.

A similar case was reported in Salinas, where officers surrounded an apartment where a call had claimed that men with assault rifles were trying to break in. In Hiawatha, Iowa, fake calls about a workplace shooting included realistic gunshot sounds and moaning in the background. In November, a teenage hacker from Worcester, Mass., pleaded guilty to a five-month swatting spree including a bomb threat and report of an armed gunman that caused two schools to be evacuated.

Many times, however, swats don't get fully investigated or reported.

Orange County Sheriff's Det. Brian Sims spent weeks serving search warrants on Internet providers before he identified Ellis through his numeric computer identifier, known as an IP address.

Unlike calls that come from landline phones, which are registered to a fixed physical address that is displayed on 911 dispatchers' screens, calls coming from people's computers, or even calls from landline or cellphones that are routed through spoofing services, could appear to be originating from anywhere.

Scores of Caller ID spoofing services have sprung up, offering to disguise callers' origins for a fee. All anybody needs to do is pony up for a certain number of minutes, punch in a code and specify whom they're calling and what they'd like the Caller ID to display.

Spoofing Caller ID is perfectly legal. Businesses use the technology to project a single callback number for an entire office, or to let executives working from home cloak their home numbers when making outgoing calls.

At the same time, criminals have latched onto the technique to get revenge on rivals or get their kicks by harassing strangers.